Network Address Translation (NAT)

A NAT (Network Address Translation or Network Address Translator) is the virtualization of Internet Protocol (IP) addresses. NAT helps improve security and decrease the number of IP addresses an organization needs.


NAT gateways sit between two networks, the inside network and the outside network. Systems on the inside network are typically assigned IP addresses that cannot be routed to external networks (e.g., networks in the 10.0.0.0/8 block). A few externally valid IP addresses are assigned to the gateway. The gateway makes outbound traffic from an inside system appear to be coming from one of the valid external addresses. It takes incoming traffic aimed at a valid external address and sends it to the correct internal system. This helps ensure security, since each outgoing or incoming request must go through a translation process, which also offers the opportunity to qualify or authenticate incoming streams and, for example, match them to outgoing requests.

NAT conserves the number of globally valid IP addresses a company needs, and in combination with Classless Inter-Domain Routing (CIDR) has done a lot to extend the useful life of IPv4 as a result. NAT is described in general terms in IETF RFC 1631.

The NAT mechanism ("natting") is a router feature, and is often part of a corporate firewall. NAT gateways can map IP addresses in several ways:

From a local IP address to one global IP address statically;

From a local IP address to any of a rotating pool of global IP addresses a company may have;

From a local IP address plus a particular TCP port to a global IP address or one in a pool of ports;

From a global IP address to any of a pool of local IP addresses on a round-robin basis.
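
The translation described above, for the "local IP address plus port" mapping, as an added example that is not part of the original article: a toy gateway that rewrites outbound sources to one external address and forwards inbound traffic only when it matches an earlier outgoing request. The class name, the addresses, the starting port and the choice to match on the remote address and port are all assumptions made for illustration; real gateways differ in how strictly they match.

```python
import ipaddress

class NatGateway:
    """Toy port-translating NAT: inside (ip, port) <-> external (ip, port)."""

    def __init__(self, external_ip, inside_net, first_port=40000):
        self.external_ip = external_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.next_port = first_port  # assumed start of the external port pool
        self.out_map = {}  # (inside_ip, inside_port, remote) -> external port
        self.in_map = {}   # (external_port, remote) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the inside network."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError("source is not on the inside network")
        remote = (dst_ip, dst_port)
        key = (src_ip, src_port, remote)
        if key not in self.out_map:
            # First packet of this flow: allocate an external port and
            # record the reverse mapping used to match replies.
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, remote)] = (src_ip, src_port)
            self.next_port += 1
        return (self.external_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the rewritten packet, or None if no outgoing request matches."""
        if dst_ip != self.external_ip:
            return None
        inside = self.in_map.get((dst_port, (src_ip, src_port)))
        if inside is None:
            return None  # unsolicited traffic: no mapping, so it is dropped
        return (src_ip, src_port, inside[0], inside[1])


def demo():
    # Constructed addresses: 10.0.0.0/8 inside, documentation ranges outside.
    gw = NatGateway("203.0.113.5", "10.0.0.0/8")
    sent = gw.outbound("10.1.2.3", 51515, "198.51.100.7", 443)
    reply = gw.inbound("198.51.100.7", 443, "203.0.113.5", sent[1])
    stray = gw.inbound("192.0.2.99", 443, "203.0.113.5", sent[1])
    return sent, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The third packet in `demo()` targets the same external port as the legitimate reply but comes from a host the inside system never contacted, so the gateway has no mapping for it.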

In some cases, network administrators don't define simple mappings. Instead they define policies that allow the gateway device to assign mappings based on the intended destination ("pick this external address for communications to partner A's network; pick that external address for communications to partner B's"), or on the protocols being used ("assign out of this pool for HTTP traffic, that pool for HTTPS") or on other factors.

A newer role for NAT focuses on translating IPv4 addresses to IPv6, and vice versa, to provide integration of IPv4 infrastructure and end-nodes into IPv6 environments, and allow IPv6 services to interact with IPv4 systems.
